aland/nixpkgs-odroid-hc4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

Browse source 
https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948
this can do it nicely.

Signed-off-by: Anton Arapov <anton@deadbeef.mx>
This commit is contained in:
Anton Arapov 2021-04-03 12:58:10 +02:00 committed by Alan Daniels
commit 56de2bcd43
30691 changed files with 3076956 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

573
pkgs/applications/networking/browsers/firefox/common.nix Normal file
View file

@ -0,0 +1,573 @@
{ pname
, version
, meta
, updateScript ? null
, binaryName ? "firefox"
, application ? "browser"
, applicationName ? "Mozilla Firefox"
, src
, unpackPhase ? null
, extraPatches ? []
, extraPostPatch ? ""
, extraNativeBuildInputs ? []
, extraConfigureFlags ? []
, extraBuildInputs ? []
, extraMakeFlags ? []
, extraPassthru ? {}
, tests ? []
}:
{ lib
, pkgs
, stdenv
# build time
, autoconf
, cargo
, dump_syms
, makeWrapper
, nodejs
, perl
, pkg-config
, pkgsCross # wasm32 rlbox
, python3
, runCommand
, rustc
, rust-cbindgen
, rustPlatform
, unzip
, which
, wrapGAppsHook
# runtime
, bzip2
, dbus
, dbus-glib
, file
, fontconfig
, freetype
, glib
, gnum4
, gtk3
, icu
, libGL
, libGLU
, libevent
, libffi
, libjpeg
, libpng
, libstartup_notification
, libvpx
, libwebp
, nasm
, nspr
, nss_esr
, nss_latest
, pango
, xorg
, zip
, zlib
, pkgsBuildBuild
# optionals
## debugging
, debugBuild ? false
# On 32bit platforms, we disable adding "-g" for easier linking.
, enableDebugSymbols ? !stdenv.is32bit
## optional libraries
, alsaSupport ? stdenv.isLinux, alsa-lib
, ffmpegSupport ? true
, gssSupport ? true, libkrb5
, jackSupport ? stdenv.isLinux, libjack2
, jemallocSupport ? true, jemalloc
, ltoSupport ? (stdenv.isLinux && stdenv.is64bit), overrideCC, buildPackages
, pgoSupport ? (stdenv.isLinux && stdenv.isx86_64 && stdenv.hostPlatform == stdenv.buildPlatform), xvfb-run
, pipewireSupport ? waylandSupport && webrtcSupport
, pulseaudioSupport ? stdenv.isLinux, libpulseaudio
, sndioSupport ? stdenv.isLinux, sndio
, waylandSupport ? true, libxkbcommon, libdrm
## privacy-related options
, privacySupport ? false
# WARNING: NEVER set any of the options below to `true` by default.
# Set to `!privacySupport` or `false`.
, crashreporterSupport ? !privacySupport
, geolocationSupport ? !privacySupport
, googleAPISupport ? geolocationSupport
, mlsAPISupport ? geolocationSupport
, webrtcSupport ? !privacySupport
# digital rights managemewnt
# This flag controls whether Firefox will show the nagbar, that allows
# users at runtime the choice to enable Widevine CDM support when a site
# requests it.
# Controlling the nagbar and widevine CDM at runtime is possible by setting
# `browser.eme.ui.enabled` and `media.gmp-widevinecdm.enabled` accordingly
, drmSupport ? true
# As stated by Sylvestre Ledru (@sylvestre) on Nov 22, 2017 at
# https://github.com/NixOS/nixpkgs/issues/31843#issuecomment-346372756 we
# have permission to use the official firefox branding.
#
# For purposes of documentation the statement of @sylvestre:
# > As the person who did part of the work described in the LWN article
# > and release manager working for Mozilla, I can confirm the statement
# > that I made in
# > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815006
# >
# > @garbas shared with me the list of patches applied for the Nix package.
# > As they are just for portability and tiny modifications, they don't
# > alter the experience of the product. In parallel, Rok also shared the
# > build options. They seem good (even if I cannot judge the quality of the
# > packaging of the underlying dependencies like sqlite, png, etc).
# > Therefor, as long as you keep the patch queue sane and you don't alter
# > the experience of Firefox users, you won't have any issues using the
# > official branding.
, enableOfficialBranding ? true
}:
assert stdenv.cc.libc or null != null;
assert pipewireSupport -> !waylandSupport || !webrtcSupport -> throw "${pname}: pipewireSupport requires both wayland and webrtc support.";
let
flag = tf: x: [(if tf then "--enable-${x}" else "--disable-${x}")];
# Target the LLVM version that rustc is built with for LTO.
llvmPackages0 = rustc.llvmPackages;
llvmPackagesBuildBuild0 = pkgsBuildBuild.rustc.llvmPackages;
# Force the use of lld and other llvm tools for LTO
llvmPackages = llvmPackages0.override {
bootBintoolsNoLibc = null;
bootBintools = null;
};
llvmPackagesBuildBuild = llvmPackagesBuildBuild0.override {
bootBintoolsNoLibc = null;
bootBintools = null;
};
# LTO requires LLVM bintools including ld.lld and llvm-ar.
buildStdenv = overrideCC llvmPackages.stdenv (llvmPackages.stdenv.cc.override {
bintools = if ltoSupport then buildPackages.rustc.llvmPackages.bintools else stdenv.cc.bintools;
});
# Compile the wasm32 sysroot to build the RLBox Sandbox
# https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/
# We only link c++ libs here, our compiler wrapper can find wasi libc and crt itself.
wasiSysRoot = runCommand "wasi-sysroot" {} ''
mkdir -p $out/lib/wasm32-wasi
for lib in ${pkgsCross.wasi32.llvmPackages.libcxx}/lib/* ${pkgsCross.wasi32.llvmPackages.libcxxabi}/lib/*; do
ln -s $lib $out/lib/wasm32-wasi
done
'';
distributionIni = pkgs.writeText "distribution.ini" (lib.generators.toINI {} {
# Some light branding indicating this build uses our distro preferences
Global = {
id = "nixos";
version = "1.0";
about = "${applicationName} for NixOS";
};
Preferences = {
# These values are exposed through telemetry
"app.distributor" = "nixos";
"app.distributor.channel" = "nixpkgs";
"app.partner.nixos" = "nixos";
};
});
defaultPrefs = {
"geo.provider.network.url" = {
value = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
reason = "Use MLS by default for geolocation, since our Google API Keys are not working";
};
};
defaultPrefsFile = pkgs.writeText "nixos-default-prefs.js" (lib.concatStringsSep "\n" (lib.mapAttrsToList (key: value: ''
// ${value.reason}
pref("${key}", ${builtins.toJSON value.value});
'') defaultPrefs));
in
buildStdenv.mkDerivation ({
name = "${pname}-unwrapped-${version}";
inherit version;
inherit src unpackPhase meta;
outputs = [
"out"
]
++ lib.optionals crashreporterSupport [ "symbols" ];
# Add another configure-build-profiling run before the final configure phase if we build with pgo
preConfigurePhases = lib.optionals pgoSupport [
"configurePhase"
"buildPhase"
"profilingPhase"
];
patches = [
]
++ lib.optional (lib.versionAtLeast version "86") ./env_var_for_system_dir-ff86.patch
++ lib.optional (lib.versionAtLeast version "90" && lib.versionOlder version "95") ./no-buildconfig-ffx90.patch
++ lib.optional (lib.versionAtLeast version "96") ./no-buildconfig-ffx96.patch
++ extraPatches;
postPatch = ''
rm -rf obj-x86_64-pc-linux-gnu
patchShebangs mach
''
+ extraPostPatch;
# Ignore trivial whitespace changes in patches, this fixes compatibility of
# ./env_var_for_system_dir.patch with Firefox >=65 without having to track
# two patches.
patchFlags = [ "-p1" "-l" ];
# if not explicitly set, wrong cc from buildStdenv would be used
HOST_CC = "${llvmPackagesBuildBuild.stdenv.cc}/bin/cc";
HOST_CXX = "${llvmPackagesBuildBuild.stdenv.cc}/bin/c++";
nativeBuildInputs = [
autoconf
cargo
gnum4
llvmPackagesBuildBuild.bintools
makeWrapper
nodejs
perl
pkg-config
python3
rust-cbindgen
rustPlatform.bindgenHook
rustc
unzip
which
wrapGAppsHook
]
++ lib.optionals crashreporterSupport [ dump_syms ]
++ lib.optionals pgoSupport [ xvfb-run ]
++ extraNativeBuildInputs;
setOutputFlags = false; # `./mach configure` doesn't understand `--*dir=` flags.
preConfigure = ''
# remove distributed configuration files
rm -f configure js/src/configure .mozconfig*
# Runs autoconf through ./mach configure in configurePhase
configureScript="$(realpath ./mach) configure"
# Set predictable directories for build and state
export MOZ_OBJDIR=$(pwd)/mozobj
export MOZBUILD_STATE_PATH=$(pwd)/mozbuild
# Don't try to send libnotify notifications during build
export MOZ_NOSPAM=1
# Set consistent remoting name to ensure wmclass matches with desktop file
export MOZ_APP_REMOTINGNAME="${binaryName}"
# AS=as in the environment causes build failure
# https://bugzilla.mozilla.org/show_bug.cgi?id=1497286
unset AS
'' + lib.optionalString (lib.versionAtLeast version "100.0") ''
# Use our own python
export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system
'' + lib.optionalString (lib.versionOlder version "100.0") ''
# Use our own python
export MACH_USE_SYSTEM_PYTHON=1
'' + lib.optionalString (lib.versionAtLeast version "95.0") ''
# RBox WASM Sandboxing
export WASM_CC=${pkgsCross.wasi32.stdenv.cc}/bin/${pkgsCross.wasi32.stdenv.cc.targetPrefix}cc
export WASM_CXX=${pkgsCross.wasi32.stdenv.cc}/bin/${pkgsCross.wasi32.stdenv.cc.targetPrefix}c++
'' + lib.optionalString pgoSupport ''
if [ -e "$TMPDIR/merged.profdata" ]; then
echo "Configuring with profiling data"
for i in "''${!configureFlagsArray[@]}"; do
if [[ ''${configureFlagsArray[i]} = "--enable-profile-generate=cross" ]]; then
unset 'configureFlagsArray[i]'
fi
done
configureFlagsArray+=(
"--enable-profile-use=cross"
"--with-pgo-profile-path="$TMPDIR/merged.profdata""
"--with-pgo-jarlog="$TMPDIR/jarlog""
)
else
echo "Configuring to generate profiling data"
configureFlagsArray+=(
"--enable-profile-generate=cross"
)
fi
'' + lib.optionalString googleAPISupport ''
# Google API key used by Chromium and Firefox.
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys at https://www.chromium.org/developers/how-tos/api-keys/.
echo "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI" > $TMPDIR/google-api-key
# 60.5+ & 66+ did split the google API key arguments: https://bugzilla.mozilla.org/show_bug.cgi?id=1531176
configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/google-api-key")
configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/google-api-key")
'' + lib.optionalString mlsAPISupport ''
# Mozilla Location services API key
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys at https://location.services.mozilla.com/api.
echo "dfd7836c-d458-4917-98bb-421c82d3c8a0" > $TMPDIR/mls-api-key
configureFlagsArray+=("--with-mozilla-api-keyfile=$TMPDIR/mls-api-key")
'' + lib.optionalString (enableOfficialBranding && !stdenv.is32bit) ''
export MOZILLA_OFFICIAL=1
'';
# firefox has a different definition of configurePlatforms from nixpkgs, see configureFlags
configurePlatforms = [ ];
configureFlags = [
"--disable-tests"
"--disable-updater"
"--enable-application=${application}"
"--enable-default-toolkit=cairo-gtk3${lib.optionalString waylandSupport "-wayland"}"
"--enable-system-pixman"
"--with-distribution-id=org.nixos"
"--with-libclang-path=${llvmPackagesBuildBuild.libclang.lib}/lib"
"--with-system-ffi"
"--with-system-icu"
"--with-system-jpeg"
"--with-system-libevent"
"--with-system-libvpx"
"--with-system-nspr"
"--with-system-nss"
"--with-system-png" # needs APNG support
"--with-system-webp"
"--with-system-zlib"
# for firefox, host is buildPlatform, target is hostPlatform
"--host=${buildStdenv.buildPlatform.config}"
"--target=${buildStdenv.hostPlatform.config}"
]
# LTO is done using clang and lld on Linux.
++ lib.optionals ltoSupport [
"--enable-lto=cross" # Cross-Language LTO
"--enable-linker=lld"
]
# elf-hack is broken when using clang+lld:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1482204
++ lib.optional (ltoSupport && (buildStdenv.isAarch32 || buildStdenv.isi686 || buildStdenv.isx86_64)) "--disable-elf-hack"
++ lib.optional (lib.versionAtLeast version "95") "--with-wasi-sysroot=${wasiSysRoot}"
++ flag alsaSupport "alsa"
++ flag jackSupport "jack"
++ flag pulseaudioSupport "pulseaudio"
++ lib.optional (lib.versionAtLeast version "100") (flag sndioSupport "sndio")
++ flag ffmpegSupport "ffmpeg"
++ flag jemallocSupport "jemalloc"
++ flag geolocationSupport "necko-wifi"
++ flag gssSupport "negotiateauth"
++ flag webrtcSupport "webrtc"
++ flag crashreporterSupport "crashreporter"
++ lib.optional (!drmSupport) "--disable-eme"
++ (if debugBuild then [ "--enable-debug" "--enable-profiling" ]
else [ "--disable-debug" "--enable-optimize" ])
# --enable-release adds -ffunction-sections & LTO that require a big amount of
# RAM and the 32-bit memory space cannot handle that linking
++ flag (!debugBuild && !stdenv.is32bit) "release"
++ flag enableDebugSymbols "debug-symbols"
++ lib.optionals enableDebugSymbols [ "--disable-strip" "--disable-install-strip" ]
++ lib.optional enableOfficialBranding "--enable-official-branding"
++ extraConfigureFlags;
buildInputs = [
bzip2
dbus
dbus-glib
file
fontconfig
freetype
glib
gtk3
icu
libffi
libGL
libGLU
libevent
libjpeg
libpng
libstartup_notification
libvpx
libwebp
nasm
nspr
pango
perl
xorg.libX11
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXft
xorg.libXi
xorg.libXrender
xorg.libXt
xorg.libXtst
xorg.pixman
xorg.xorgproto
zip
zlib
]
++ [ (if (lib.versionAtLeast version "92") then nss_latest else nss_esr) ]
++ lib.optional alsaSupport alsa-lib
++ lib.optional jackSupport libjack2
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
++ lib.optional (sndioSupport && lib.versionAtLeast version "100") sndio
++ lib.optional gssSupport libkrb5
++ lib.optionals waylandSupport [ libxkbcommon libdrm ]
++ lib.optional jemallocSupport jemalloc
++ extraBuildInputs;
profilingPhase = lib.optionalString pgoSupport ''
# Package up Firefox for profiling
./mach package
# Run profiling
(
export HOME=$TMPDIR
export LLVM_PROFDATA=llvm-profdata
export JARLOG_FILE="$TMPDIR/jarlog"
xvfb-run -w 10 -s "-screen 0 1920x1080x24" \
./mach python ./build/pgo/profileserver.py
)
# Copy profiling data to a place we can easily reference
cp ./merged.profdata $TMPDIR/merged.profdata
# Clean build dir
./mach clobber
'';
preBuild = ''
cd mozobj
'';
postBuild = ''
cd ..
'';
makeFlags = extraMakeFlags;
separateDebugInfo = enableDebugSymbols;
enableParallelBuilding = true;
# tests were disabled in configureFlags
doCheck = false;
# Generate build symbols once after the final build
# https://firefox-source-docs.mozilla.org/crash-reporting/uploading_symbol.html
preInstall = lib.optionalString crashreporterSupport ''
./mach buildsymbols
mkdir -p $symbols/
cp mozobj/dist/*.crashreporter-symbols.zip $symbols/
'' + ''
cd mozobj
'';
postInstall = ''
# Install distribution customizations
install -Dvm644 ${distributionIni} $out/lib/${binaryName}/distribution/distribution.ini
install -Dvm644 ${defaultPrefsFile} $out/lib/${binaryName}/browser/defaults/preferences/nixos-default-prefs.js
'' + lib.optionalString buildStdenv.isLinux ''
# Remove SDK cruft. FIXME: move to a separate output?
rm -rf $out/share/idl $out/include $out/lib/${binaryName}-devel-*
# Needed to find Mozilla runtime
gappsWrapperArgs+=(--argv0 "$out/bin/.${binaryName}-wrapped")
'';
# Workaround: The separateDebugInfo hook skips artifacts whose build ID's length is not 40.
# But we got 16-length build ID here. The function body is mainly copied from pkgs/build-support/setup-hooks/separate-debug-info.sh
# Remove it when https://github.com/NixOS/nixpkgs/pull/146275 is merged.
preFixup = lib.optionalString enableDebugSymbols ''
_separateDebugInfo() {
[ -e "$prefix" ] || return 0
local dst="''${debug:-$out}"
if [ "$prefix" = "$dst" ]; then return 0; fi
dst="$dst/lib/debug/.build-id"
# Find executables and dynamic libraries.
local i
while IFS= read -r -d $'\0' i; do
if ! isELF "$i"; then continue; fi
# Extract the Build ID. FIXME: there's probably a cleaner way.
local id="$($READELF -n "$i" | sed 's/.*Build ID: \([0-9a-f]*\).*/\1/; t; d')"
if [[ -z "$id" ]]; then
echo "could not find build ID of $i, skipping" >&2
continue
fi
# Extract the debug info.
header "separating debug info from $i (build ID $id)"
mkdir -p "$dst/''${id:0:2}"
$OBJCOPY --only-keep-debug "$i" "$dst/''${id:0:2}/''${id:2}.debug"
$STRIP --strip-debug "$i"
# Also a create a symlink <original-name>.debug.
ln -sfn ".build-id/''${id:0:2}/''${id:2}.debug" "$dst/../$(basename "$i")"
done < <(find "$prefix" -type f -print0)
}
'';
doInstallCheck = true;
installCheckPhase = ''
# Some basic testing
"$out/bin/${binaryName}" --version
'';
passthru = {
inherit updateScript;
inherit version;
inherit alsaSupport;
inherit binaryName;
inherit jackSupport;
inherit pipewireSupport;
inherit sndioSupport;
inherit nspr;
inherit ffmpegSupport;
inherit gssSupport;
inherit tests;
inherit gtk3;
inherit wasiSysRoot;
} // extraPassthru;
hardeningDisable = [ "format" ]; # -Werror=format-security
# the build system verifies checksums of the bundled rust sources
# ./third_party/rust is be patched by our libtool fixup code in stdenv
# unfortunately we can't just set this to `false` when we do not want it.
# See https://github.com/NixOS/nixpkgs/issues/77289 for more details
# Ideally we would figure out how to tell the build system to not
# care about changed hashes as we are already doing that when we
# fetch the sources. Any further modifications of the source tree
# is on purpose by some of our tool (or by accident and a bug?).
dontFixLibtool = true;
# on aarch64 this is also required
dontUpdateAutotoolsGnuConfigScripts = true;
requiredSystemFeatures = [ "big-parallel" ];
})

21
pkgs/applications/networking/browsers/firefox/env_var_for_system_dir-ff86.patch Normal file
View file

@ -0,0 +1,21 @@
diff -r 22fc47c968f2 toolkit/xre/nsXREDirProvider.cpp
--- a/toolkit/xre/nsXREDirProvider.cpp Mon Dec 14 15:09:17 2020 +0000
+++ b/toolkit/xre/nsXREDirProvider.cpp Tue Feb 23 23:38:56 2021 +0100
@@ -11,6 +11,7 @@
#include "jsapi.h"
#include "xpcpublic.h"
+#include "prenv.h"
#include "nsIAppStartup.h"
#include "nsIFile.h"
@@ -305,7 +306,8 @@
"/usr/lib/mozilla"_ns
# endif
;
- rv = NS_NewNativeLocalFile(dirname, false, getter_AddRefs(localDir));
+ const char* pathVar = PR_GetEnv("MOZ_SYSTEM_DIR");
+ rv = NS_NewNativeLocalFile((pathVar && *pathVar) ? nsDependentCString(pathVar) : reinterpret_cast<const nsCString&>(dirname), false, getter_AddRefs(localDir));
# endif
if (NS_SUCCEEDED(rv)) {

22
pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx90.patch Normal file
View file

@ -0,0 +1,22 @@
--- a/docshell/base/nsAboutRedirector.cpp
+++ b/docshell/base/nsAboutRedirector.cpp
@@ -66,8 +66,6 @@ static const RedirEntry kRedirMap[] = {
{"about", "chrome://global/content/aboutAbout.html", 0},
{"addons", "chrome://mozapps/content/extensions/aboutaddons.html",
nsIAboutModule::ALLOW_SCRIPT},
- {"buildconfig", "chrome://global/content/buildconfig.html",
- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
{"checkerboard", "chrome://global/content/aboutCheckerboard.html",
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
nsIAboutModule::ALLOW_SCRIPT},
--- a/toolkit/content/jar.mn
+++ b/toolkit/content/jar.mn
@@ -39,8 +39,6 @@ toolkit.jar:
content/global/plugins.html
content/global/plugins.css
content/global/plugins.js
-* content/global/buildconfig.html
- content/global/buildconfig.css
content/global/contentAreaUtils.js
content/global/datepicker.xhtml
#ifndef MOZ_FENNEC

27
pkgs/applications/networking/browsers/firefox/no-buildconfig-ffx96.patch Normal file
View file

@ -0,0 +1,27 @@
diff --git a/docshell/base/nsAboutRedirector.cpp b/docshell/base/nsAboutRedirector.cpp
index e7be91a248..5eb98534ee 100644
--- a/docshell/base/nsAboutRedirector.cpp
+++ b/docshell/base/nsAboutRedirector.cpp
@@ -66,9 +66,6 @@ static const RedirEntry kRedirMap[] = {
{"about", "chrome://global/content/aboutAbout.html", 0},
{"addons", "chrome://mozapps/content/extensions/aboutaddons.html",
nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
- {"buildconfig", "chrome://global/content/buildconfig.html",
- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
- nsIAboutModule::IS_SECURE_CHROME_UI},
{"checkerboard", "chrome://global/content/aboutCheckerboard.html",
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
nsIAboutModule::ALLOW_SCRIPT},
diff --git a/toolkit/content/jar.mn b/toolkit/content/jar.mn
index 74c0ae8f34..a5d9645a96 100644
--- a/toolkit/content/jar.mn
+++ b/toolkit/content/jar.mn
@@ -41,8 +41,6 @@ toolkit.jar:
content/global/plugins.css
content/global/plugins.js
#endif
-* content/global/buildconfig.html
- content/global/buildconfig.css
content/global/contentAreaUtils.js
content/global/datepicker.xhtml
#ifndef MOZ_FENNEC

54
pkgs/applications/networking/browsers/firefox/packages.nix Normal file
View file

@ -0,0 +1,54 @@
{ stdenv, lib, callPackage, fetchurl, fetchpatch, nixosTests, buildMozillaMach }:
rec {
firefox = buildMozillaMach rec {
pname = "firefox";
version = "101.0";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "fffe7e0940c1443fcdc5b205677764cb4e04b29f33fcfafb2857d383700584f309806b81fc4989efb56cc12a3cca1ff7d451b647050c43e98777b5c952ed5d56";
};
meta = {
description = "A web browser built from Firefox source tree";
homepage = "http://www.mozilla.com/en-US/firefox/";
maintainers = with lib.maintainers; [ lovesegfault hexa ];
platforms = lib.platforms.unix;
badPlatforms = lib.platforms.darwin;
broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
# not in `badPlatforms` because cross-compilation on 64-bit machine might work.
maxSilent = 14400; # 4h, double the default of 7200s (c.f. #129212, #129115)
license = lib.licenses.mpl20;
};
tests = [ nixosTests.firefox ];
updateScript = callPackage ./update.nix {
attrPath = "firefox-unwrapped";
};
};
firefox-esr-91 = buildMozillaMach rec {
pname = "firefox-esr";
version = "91.10.0esr";
applicationName = "Mozilla Firefox ESR";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "8344b829d7bd86250afdd4cb582e27ed5705b3ef48aec50b9a39abc17deba86c9fd721f4667f5c2155e3d7cd1d6e1f82ff8e218ced3a16a4e06bb414ee0690f8";
};
meta = {
description = "A web browser built from Firefox Extended Support Release source tree";
homepage = "http://www.mozilla.com/en-US/firefox/";
maintainers = with lib.maintainers; [ hexa ];
platforms = lib.platforms.unix;
badPlatforms = lib.platforms.darwin;
broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
# not in `badPlatforms` because cross-compilation on 64-bit machine might work.
license = lib.licenses.mpl20;
};
tests = [ nixosTests.firefox-esr-91 ];
updateScript = callPackage ./update.nix {
attrPath = "firefox-esr-91-unwrapped";
versionSuffix = "esr";
};
};
}

47
pkgs/applications/networking/browsers/firefox/update.nix Normal file
View file

@ -0,0 +1,47 @@
{ writeScript
, lib
, xidel
, common-updater-scripts
, coreutils
, gnused
, gnugrep
, curl
, gnupg
, attrPath
, runtimeShell
, baseUrl ? "http://archive.mozilla.org/pub/firefox/releases/"
, versionSuffix ? ""
, versionKey ? "version"
}:
writeScript "update-${attrPath}" ''
#!${runtimeShell}
PATH=${lib.makeBinPath [ common-updater-scripts coreutils curl gnugrep gnupg gnused xidel ]}
set -eux
HOME=`mktemp -d`
export GNUPGHOME=`mktemp -d`
gpg --receive-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353
url=${baseUrl}
# retriving latest released version
# - extracts all links from the $url
# - extracts lines only with number and dots followed by a slash
# - removes trailing slash
# - sorts everything with semver in mind
# - picks up latest release
version=`xidel -s $url --extract "//a" | \
grep "^[0-9.]*${versionSuffix}/$" | \
sed s/[/]$// | \
sort --version-sort | \
tail -n 1`
curl --silent --show-error -o "$HOME"/shasums "$url$version/SHA512SUMS"
curl --silent --show-error -o "$HOME"/shasums.asc "$url$version/SHA512SUMS.asc"
gpgv --keyring="$GNUPGHOME"/pubring.kbx "$HOME"/shasums.asc "$HOME"/shasums
hash=$(grep '\.source\.tar\.xz$' "$HOME"/shasums | grep '^[^ ]*' -o)
update-source-version ${attrPath} "$version" "$hash" "" --version-key=${versionKey}
''

359
pkgs/applications/networking/browsers/firefox/wrapper.nix Normal file
View file

@ -0,0 +1,359 @@
{ stdenv, lib, makeDesktopItem, makeWrapper, makeBinaryWrapper, lndir, config
, fetchurl, zip, unzip, jq, xdg-utils, writeText
## various stuff that can be plugged in
, ffmpeg, xorg, alsa-lib, libpulseaudio, libcanberra-gtk3, libglvnd, libnotify, opensc
, gnome/*.gnome-shell*/
, browserpass, chrome-gnome-shell, uget-integrator, plasma5Packages, bukubrow, pipewire
, tridactyl-native
, fx_cast_bridge
, udev
, libkrb5
, libva
, mesa # firefox wants gbm for drm+dmabuf
, cups
, pciutils
, sndio
, libjack2
}:
## configurability of the wrapper itself
browser:
let
wrapper =
{ applicationName ? browser.binaryName or (lib.getName browser)
, pname ? applicationName
, version ? lib.getVersion browser
, desktopName ? # applicationName with first letter capitalized
(lib.toUpper (lib.substring 0 1 applicationName) + lib.substring 1 (-1) applicationName)
, nameSuffix ? ""
, icon ? applicationName
, wmClass ? null
, extraNativeMessagingHosts ? []
, pkcs11Modules ? []
, forceWayland ? false
, useGlvnd ? true
, cfg ? config.${applicationName} or {}
## Following options are needed for extra prefs & policies
# For more information about anti tracking (german website)
# visit https://wiki.kairaven.de/open/app/firefox
, extraPrefs ? ""
, extraPrefsFiles ? []
# For more information about policies visit
# https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
, extraPolicies ? {}
, extraPoliciesFiles ? []
, libName ? browser.libName or "firefox" # Important for tor package or the like
, nixExtensions ? null
}:
let
ffmpegSupport = browser.ffmpegSupport or false;
gssSupport = browser.gssSupport or false;
alsaSupport = browser.alsaSupport or false;
pipewireSupport = browser.pipewireSupport or false;
sndioSupport = browser.sndioSupport or false;
jackSupport = browser.jackSupport or false;
# PCSC-Lite daemon (services.pcscd) also must be enabled for firefox to access smartcards
smartcardSupport = cfg.smartcardSupport or false;
nativeMessagingHosts =
([ ]
++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass)
++ lib.optional (cfg.enableBukubrow or false) bukubrow
++ lib.optional (cfg.enableTridactylNative or false) tridactyl-native
++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell
++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator
++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma5Packages.plasma-browser-integration
++ lib.optional (cfg.enableFXCastBridge or false) fx_cast_bridge
++ extraNativeMessagingHosts
);
libs = lib.optionals stdenv.isLinux [ udev libva mesa libnotify xorg.libXScrnSaver cups pciutils ]
++ lib.optional pipewireSupport pipewire
++ lib.optional ffmpegSupport ffmpeg
++ lib.optional gssSupport libkrb5
++ lib.optional useGlvnd libglvnd
++ lib.optionals (cfg.enableQuakeLive or false)
(with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsa-lib zlib ])
++ lib.optional (config.pulseaudio or true) libpulseaudio
++ lib.optional alsaSupport alsa-lib
++ lib.optional sndioSupport sndio
++ lib.optional jackSupport libjack2
++ lib.optional smartcardSupport opensc
++ pkcs11Modules;
gtk_modules = [ libcanberra-gtk3 ];
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
policiesJson = writeText "policies.json" (builtins.toJSON enterprisePolicies);
usesNixExtensions = nixExtensions != null;
nameArray = builtins.map(a: a.name) (if usesNixExtensions then nixExtensions else []);
# Check that every extension has a unqiue .name attribute
# and an extid attribute
extensions = if nameArray != (lib.unique nameArray) then
throw "Firefox addon name needs to be unique"
else if ! (lib.hasSuffix "esr" browser.name) then
throw "Nix addons are only supported in Firefox ESR"
else builtins.map (a:
if ! (builtins.hasAttr "extid" a) then
throw "nixExtensions has an invalid entry. Missing extid attribute. Please use fetchfirefoxaddon"
else
a
) (if usesNixExtensions then nixExtensions else []);
enterprisePolicies =
{
policies = {
DisableAppUpdate = true;
} //
lib.optionalAttrs usesNixExtensions {
ExtensionSettings = {
"*" = {
blocked_install_message = "You can't have manual extension mixed with nix extensions";
installation_mode = "blocked";
};
} // lib.foldr (e: ret:
ret // {
"${e.extid}" = {
installation_mode = "allowed";
};
}
) {} extensions;
Extensions = {
Install = lib.foldr (e: ret:
ret ++ [ "${e.outPath}/${e.extid}.xpi" ]
) [] extensions;
};
} // lib.optionalAttrs smartcardSupport {
SecurityDevices = {
"OpenSC PKCS#11 Module" = "opensc-pkcs11.so";
};
}
// extraPolicies;
};
mozillaCfg = writeText "mozilla.cfg" ''
// First line must be a comment
// Disables addon signature checking
// to be able to install addons that do not have an extid
// Security is maintained because only user whitelisted addons
// with a checksum can be installed
${ lib.optionalString usesNixExtensions ''lockPref("xpinstall.signatures.required", false)'' };
${extraPrefs}
'';
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
in stdenv.mkDerivation {
inherit pname version;
desktopItem = makeDesktopItem {
name = applicationName;
exec = "${applicationName}${nameSuffix} %U";
inherit icon;
desktopName = "${desktopName}${nameSuffix}${lib.optionalString forceWayland " (Wayland)"}";
genericName = "Web Browser";
categories = [ "Network" "WebBrowser" ];
mimeTypes = [
"text/html"
"text/xml"
"application/xhtml+xml"
"application/vnd.mozilla.xul+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
"x-scheme-handler/ftp"
];
startupWMClass = wmClass;
};
nativeBuildInputs = [ makeWrapper lndir jq ];
buildInputs = [ browser.gtk3 ];
buildCommand = ''
if [ ! -x "${browser}/bin/${applicationName}" ]
then
echo "cannot find executable file \`${browser}/bin/${applicationName}'"
exit 1
fi
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
# Link the runtime. The executable itself has to be copied,
# because it will resolve paths relative to its true location.
# Any symbolic links have to be replicated as well.
cd "${browser}"
find . -type d -exec mkdir -p "$out"/{} \;
find . -type f \( -not -name "${applicationName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \;
find . -type f \( -name "${applicationName}" -o -name "${applicationName}-bin" \) -print0 | while read -d $'\0' f; do
cp -P --no-preserve=mode,ownership --remove-destination "${browser}/$f" "$out/$f"
chmod a+rwx "$out/$f"
done
# fix links and absolute references
find . -type l -print0 | while read -d $'\0' l; do
target="$(readlink "$l")"
target=''${target/#"${browser}"/"$out"}
ln -sfT "$target" "$out/$l"
done
cd "$out"
# create the wrapper
executablePrefix="$out/bin"
executablePath="$executablePrefix/${applicationName}"
oldWrapperArgs=()
if [[ -L $executablePath ]]; then
# Symbolic link: wrap the link's target.
oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
rm "$executablePath"
elif wrapperCmd=$(${makeBinaryWrapper.extractCmd} "$executablePath"); [[ $wrapperCmd ]]; then
# If the executable is a binary wrapper, we need to update its target to
# point to $out, but we can't just edit the binary in-place because of length
# issues. So we extract the command used to create the wrapper and add the
# arguments to our wrapper.
parseMakeCWrapperCall() {
shift # makeCWrapper
oldExe=$1; shift
oldWrapperArgs=("$@")
}
eval "parseMakeCWrapperCall ''${wrapperCmd//"${browser}"/"$out"}"
rm "$executablePath"
else
if read -rn2 shebang < "$executablePath" && [[ $shebang == '#!' ]]; then
# Shell wrapper: patch in place to point to $out.
sed -i "s@${browser}@$out@g" "$executablePath"
fi
# Suffix the executable with -old, because -wrapped might already be used by the old wrapper.
oldExe="$executablePrefix/.${applicationName}"-old
mv "$executablePath" "$oldExe"
fi
makeWrapper "$oldExe" \
"''${executablePath}${nameSuffix}" \
--prefix LD_LIBRARY_PATH ':' "$libs" \
--suffix-each GTK_PATH ':' "$gtk_modules" \
--prefix PATH ':' "${xdg-utils}/bin" \
--suffix PATH ':' "$out/bin" \
--set MOZ_APP_LAUNCHER "${applicationName}${nameSuffix}" \
--set MOZ_SYSTEM_DIR "$out/lib/mozilla" \
--set MOZ_LEGACY_PROFILES 1 \
--set MOZ_ALLOW_DOWNGRADE 1 \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--suffix XDG_DATA_DIRS : '${gnome.adwaita-icon-theme}/share' \
${lib.optionalString forceWayland "--set MOZ_ENABLE_WAYLAND 1"} \
"''${oldWrapperArgs[@]}"
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
if [ -e "${browser}/share/icons" ]; then
mkdir -p "$out/share"
ln -s "${browser}/share/icons" "$out/share/icons"
else
for res in 16 32 48 64 128; do
mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps"
icon=$( find "${browser}/lib/" -name "default''${res}.png" )
if [ -e "$icon" ]; then ln -s "$icon" \
"$out/share/icons/hicolor/''${res}x''${res}/apps/${icon}.png"
fi
done
fi
install -D -t $out/share/applications $desktopItem/share/applications/*
mkdir -p $out/lib/mozilla/native-messaging-hosts
for ext in ${toString nativeMessagingHosts}; do
ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/*
done
mkdir -p $out/lib/mozilla/pkcs11-modules
for ext in ${toString pkcs11Modules}; do
ln -sLt $out/lib/mozilla/pkcs11-modules $ext/lib/mozilla/pkcs11-modules/*
done
#########################
# #
# EXTRA PREF CHANGES #
# #
#########################
# user customization
mkdir -p $out/lib/${libName}
# creating policies.json
mkdir -p "$out/lib/${libName}/distribution"
POL_PATH="$out/lib/${libName}/distribution/policies.json"
rm -f "$POL_PATH"
cat ${policiesJson} >> "$POL_PATH"
extraPoliciesFiles=(${builtins.toString extraPoliciesFiles})
for extraPoliciesFile in "''${extraPoliciesFiles[@]}"; do
jq -s '.[0] + .[1]' "$POL_PATH" $extraPoliciesFile > .tmp.json
mv .tmp.json "$POL_PATH"
done
# preparing for autoconfig
mkdir -p "$out/lib/${libName}/defaults/pref"
echo 'pref("general.config.filename", "mozilla.cfg");' > "$out/lib/${libName}/defaults/pref/autoconfig.js"
echo 'pref("general.config.obscure_value", 0);' >> "$out/lib/${libName}/defaults/pref/autoconfig.js"
cat > "$out/lib/${libName}/mozilla.cfg" < ${mozillaCfg}
extraPrefsFiles=(${builtins.toString extraPrefsFiles})
for extraPrefsFile in "''${extraPrefsFiles[@]}"; do
cat "$extraPrefsFile" >> "$out/lib/${libName}/mozilla.cfg"
done
mkdir -p $out/lib/${libName}/distribution/extensions
#############################
# #
# END EXTRA PREF CHANGES #
# #
#############################
'';
preferLocalBuild = true;
libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs;
gtk_modules = map (x: x + x.gtkModule) gtk_modules;
passthru = { unwrapped = browser; };
disallowedRequisites = [ stdenv.cc ];
meta = browser.meta // {
description = browser.meta.description;
hydraPlatforms = [];
priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package
};
};
in lib.makeOverridable wrapper